The correct response to unknown EDNS versions is to return BADVERS. This was spelt out in RFC 2671 in 1999 and has not been changed in RFC 6891.
Nameservers should not ignore the versions field. Nameservers should respond to unknown EDNS versions. Nameservers should not return FORMERR. Returning the answer as if it was EDNS(0) with the rcode set to BADVERS is pointless as this doesn't work for negative answers.

One vendor has already fixed this.

http://users.isc.org/~marka/ts/gov.edns1fail.html

If you are a DNS vendor, can you please ensure that your software handles unknown EDNS versions correctly.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
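An added example, not part of the original message or any ISC code: a small classifier for the raw reply a server sends to a query carrying an unknown EDNS version, sorted into the outcomes the message lists. The label strings, the `build` helper and the example.com sample replies are constructed for illustration.

```python
import struct

FORMERR, BADVERS, OPT = 1, 16, 41   # RCODE 1, extended RCODE 16, RR type 41

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:        # a compression pointer ends the name
            return off + 2
        off += 1 + n

def classify(resp):
    """Classify the reply to a probe that was sent with an unknown EDNS version."""
    if resp is None:
        return "no-response"        # the server did not respond at all
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", resp, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(resp, off) + 4          # skip QTYPE and QCLASS
    opt_ttl = None
    for _ in range(an + ns + ar):
        off = skip_name(resp, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", resp, off)
        off += 10 + rdlen
        if rtype == OPT:
            opt_ttl = ttl           # ext-rcode(8) | version(8) | flags(16)
    rcode = flags & 0xF
    if opt_ttl is not None:
        rcode |= (opt_ttl >> 24) << 4           # upper 8 bits of the 12-bit RCODE
    if rcode == BADVERS:            # correct only when no answer data is attached
        return "badvers" if an == 0 else "badvers-with-answer"
    if rcode == FORMERR:
        return "formerr"
    return "version-ignored"        # answered as if the version field were absent

def build(rcode, version=0, answers=0, with_opt=True):
    """Constructed sample reply for example.com/A; not captured traffic."""
    hdr = struct.pack("!6H", 0x1234, 0x8400 | (rcode & 0xF), 1, answers, 0, int(with_opt))
    q = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rr = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])) * answers
    opt = b"\x00" + struct.pack("!HHIH", OPT, 4096, ((rcode >> 4) << 24) | (version << 16), 0)
    return hdr + q + rr + (opt if with_opt else b"")
```

Only the `"badvers"` outcome matches the behaviour the message asks for; the other labels correspond to the failure modes it names.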
